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AMENDMENTS TO THE CLAIMS 

1 . (Currently Amended) A method of dynamically mitigating a noncompliant password, the 

method comprising the machine-implemented steps of: 

obtaining a password from a user when the user attempts to access a service; 

determining whether the password meets quality criteria; and 

if the password meets the quality criteria, granting to the user a first level of access to the 
service, wherein the granting of the first level of access to the service is dependant 
on the password exceeding a quality criteria threshold; 

if the password does not meet the quality criteria, granting to the user a different level of 
access to the service than if the password meets the quality criteria; 

wherein the user is associated with a particular user role , of a plurality of user roles , and 
wherein determining whether the password meets quality criteria comprises 
determining whether the password meets quality criteria for the particular user 
role and wherein a different quality criteria is associated with each user role in the 
plurality of user roles ; 

wherein the quality criteria is based, at least in part, on the strength of the password; 

wherein the method is performed by one or more computing devices. 

2. (Previously Presented) The method of Claim 1, further comprising: 

if the password meets a second quality criteria, granting to the user a second level of 
access to the service, wherein the second level of access to the service is 
associated with the second quality criteria, wherein the second quality criteria is 
distinct from the quality criteria and wherein, if a particular password meets the 
quality criteria, then the password meets the second quality criteria. 

3. (Previously presented) The method of Claim 1, further comprising if the password does not 

meet the quality criteria, performing one or more of: 
logging information related to the password; 
sending a report about the password; 
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generating an alert about the password; 
forcing a password change; or 
blocking the user' s access to the service. 

4. (Original) The method of Claim 1, wherein the method further comprises, if the password 

does meet the quality criteria, providing user access to the service. 

5. (Original) The method of Claim 1, wherein the step of determining whether the password 

meets quality criteria further comprises one or more of the steps of: 
performing a dictionary look-up based on the one or more symbols used in the password; 
checking the length of the one or more symbols used in the password; 
checking the number of unique characters of the one or more symbols used in the 
password; 

checking the case of the characters in the one or more symbols used in the password; 
checking the sequencing of characters in the one or more symbols used in the password; 
or 

performing statistical analysis based on the one or more symbols used in the password. 

6. (Original) The method of Claim 1, wherein the step of performing one or more responsive 

actions that relate to accessing the service comprises logging information related to the 
password. 

7. (Previously presented) The method of Claim 1, further comprising if the password does not 

meet the quality criteria, sending a report about the password. 

8. (Previously presented) The method of Claim 1, further comprising if the password does not 

meet the quality criteria, generating an alert about the password. 

9. (Previously presented) The method of Claim 1, further comprising if the password does not 

meet the quality criteria, forcing a password change. 

10. (Previously presented) The method of Claim 1, further comprising if the password does not 

meet the quality criteria, blocking the user's access to the service. 
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11. (Original) The method of Claim 1, wherein obtaining the password from the user comprises 

obtaining the password from the user via a graphical user interface. 

12. (Original) The method of Claim 1, wherein obtaining the password from the user comprises 

obtaining the password from the user via an electronic interface. 

13. (Original) The method of Claim 1, wherein the method further comprises the step of 

determining a quality score for the password, and wherein the step of determining 
whether the password meets quality criteria comprises comparing the quality score to a 
predefined threshold value. 

14. (Original) The method of Claim 1, further comprising the steps of: 

obtaining the password from a repository of passwords; 

making a first determination whether the password meets quality criteria; and 

storing in a particular machine-readable medium an indication of the first 

determination for the password; 
wherein the step of determining whether the password meets quality criteria comprises 

accessing the particular machine-readable medium. 

15. (Cancelled) 

16. (Original) The method of Claim 1, wherein determining whether the password meets quality 

criteria comprises determining whether the password meets quality criteria for the service. 

17. (Original) The method of Claim 1, wherein the step of obtaining the password comprises an 

access service obtaining the password from the user when the user attempts to access the 
service, and wherein the access service comprises machine executable instructions 
executing on a particular machine, and the service comprises machine executable 
instruction executing on the same particular machine. 

18. (Original) The method of Claim 1, wherein the step of obtaining the password comprises an 

access service obtaining the password from the user when the user attempts to access the 
service, and wherein the access service comprises machine executable instructions 
executing on a first machine and the service comprises machine executable instructions 
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executing on a second machine, wherein the first machine is distinct from the second 
machine. 

19. (Currently Amended) A method of dynamically mitigating a noncompliant password, the 
method comprising the machine-implemented steps of: 
obtaining a password from a user when the user attempts to access a service; 
determining whether the password meets quality criteria; and 

if the password meets the quality criteria, granting to the user a first level of access to the 
service, wherein the granting of the first level of access to the service is dependant 
on the password exceeding a quality criteria threshold; 

if the password does not meet the quality criteria, granting to the user a different level of 
access to the service than if the password meets the quality criteria; 

wherein the user is associated with a particular user role, of a plurality of user roles, and 
wherein determining whether the password meets quality criteria comprises 
determining whether the password meets quality criteria for the particular user 
role and wherein a different quality criteria is associated with each user role in the 
plurality of user roles ; 

wherein the quality criteria is based, at least in part, on the strength of the password; 

wherein the step of determining whether the password meets quality criteria further 
comprises one or more of the steps of: 

performing a dictionary look-up based on the one or more symbols used in the 
password; 

checking the length of the one or more symbols used in the password; 
checking the number of unique characters of the one or more symbols used in the 
password; 

checking the case of the characters in the one or more symbols used in the 
password; 

-5 - 



Serial No. 10/825,827; Filed 4/16/2004 
Reply to Office Action 



Docket No. 50325-0874 



checking the sequencing of characters in the one or more symbols used in the 
password; or 

performing statistical analysis based on the one or more symbols used in the 
password; [] 

wherein the method is performed by one or more computing devices. 

20. (Currently Amended) A non-transitory machine-readable medium carrying one or more 

sequences of instructions for dynamically mitigating a noncompliant password, which 
instructions, when executed by one or more processors, cause the one or more processors 
to carry out the steps of: 

obtaining a password from a user when the user attempts to access a service; 
determining whether the password meets quality criteria; and 

if the password meets the quality criteria, granting to the user a first level of access to the 
service, wherein the granting of the first level of access to the service is dependant 
on the password exceeding a quality criteria threshold; 

if the password does not meet the quality criteria, granting to the user a different level of 
access to the service than if the password meets the quality criteria; 

wherein the user is associated with a particular user role , of a plurality of user roles , and 
wherein determining whether the password meets quality criteria comprises 
determining whether the password meets quality criteria for the particular user 
role and wherein a different quality criteria is associated with each user role in the 
plurality of user roles; 

wherein the quality criteria is based, at least in part, on the strength of the password . 

21. (Previously Presented) The non- transitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: 

if the password meets a second quality criteria, granting to the user a second level of 
access to the service, wherein the second level of access to the service is 
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associated with the second quality criteria, wherein the second quality criteria is 
distinct from the quality criteria and wherein, if a particular password meets the 
quality criteria, then the password meets the second quality criteria. 

22. (Previously Presented) The non-transitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: if the password does not meet the quality criteria, 
performing one or more of: 

logging information related to the password; 

sending a report about the password; 

generating an alert about the password; 

forcing a password change; or 

blocking the user' s access to the service. 

23. (Previously Presented) The non-transitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out the step of, if the password does meet the quality 
criteria, providing user access to the service. 

24. (Previously Presented) The non-transitory machine-readable medium of Claim 20, 

wherein the step of determining whether the password meets quality criteria further 
comprises one or more of the steps of: 

performing a dictionary look-up based on the one or more symbols used in the password; 
checking the length of the one or more symbols used in the password; 
checking the number of unique characters of the one or more symbols used in the 
password; 

checking the case of the characters in the one or more symbols used in the password; 
checking the sequencing of characters in the one or more symbols used in the password; 
or 

performing statistical analysis based on the one or more symbols used in the password. 
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25. (Previously Presented) The non- transitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: if the password does not meet the quality criteria, 
logging information related to the password. 

26. (Previously Presented) The non-transitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: if the password does not meet the quality criteria, 
sending a report about the password. 

27. (Previously Presented) The non-transitoiy machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: if the password does not meet the quality criteria, 
generating an alert about the password. 

28. (Previously Presented) The non- transitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: if the password does not meet the quality criteria, 
forcing a password change. 

29. (Previously Presented) The non-transitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out: if the password does not meet the quality criteria, 
blocking the user' s access to the service. 

30. (Previously Presented) The non-transitory machine-readable medium of Claim 20, 

wherein obtaining the password from the user comprises obtaining the password from the 
user via a graphical user interface. 

3 1 . (Previously Presented) The non-transitory machine-readable medium of Claim 20, 

wherein obtaining the password from the user comprises obtaining the password from the 
user via an electronic interface. 
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32. (Previously Presented) The non-transitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out the step of determining a quality score for the 
password, and wherein the step of determining whether the password meets quality 
criteria comprises comparing the quality score to a predefined threshold value. 

33. (Previously Presented) The non-transitory machine-readable medium of Claim 20, further 

comprising instructions which, when executed by the one or more processors, cause the 
one or more processors to carry out the steps of: 

obtaining the password from a repository of passwords; 

making a first determination whether the password meets quality criteria; and 

storing in a particular machine-readable medium an indication of the first 
determination for the password; 
and wherein the step of determining whether the password meets quality criteria 

comprises accessing the particular machine-readable medium. 

34. (Cancelled) 

35. (Previously Presented) The non-transitory machine-readable medium of Claim 20, 

wherein determining whether the password meets quality criteria comprises determining 
whether the password meets quality criteria for the service. 

36. (Currently Amended) An apparatus for dynamically mitigating a noncompliant password, 

comprising: 

one or more processors; 

means for obtaining a password from a user when the user attempts to access a service; 

means for determining whether the password meets quality criteria; and 

means for granting a first level of access to the service if the password meets the quality 

criteria, wherein the first level of access to the service is associated with the 

quality criteria; 
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means for granting a different level of access, if the password does not meet the quality 
criteria, than if the password meets the quality criteria; 

wherein the user is associated with a particular user role , of a plurality of user roles , and 
wherein determining whether the password meets quality criteria comprises 
determining whether the password meets quality criteria for the particular user 
role and wherein a different quality criteria is associated with each user role in the 
plurality of user roles; 

wherein the quality criteria is based, at least in part, on the strength of the password . 

37. (Previously Presented) The apparatus of Claim 36, further comprising: 

means for granting to the user a second level of access to the service, if the password 

meets a second quality criteria, wherein the second level of access to the service is 
associated with the second quality criteria, wherein the second quality criteria is 
distinct from the quality criteria and wherein, if a particular password meets the 
quality criteria, then the password meets the second quality criteria.. 

38. (Previously presented) The apparatus of Claim 36, further comprising means for performing, 

if the password does not meet the quality criteria, one or more of: 
means for logging information related to the password; 
means for sending a report about the password; 
means for generating an alert about the password; 
means for forcing a password change; or 
means for blocking the user's access to the service. 

39. (Original) The apparatus of Claim 36, wherein the apparatus further comprises means for 

providing user access to the service if the password does meet the quality criteria. 

40. (Original) The apparatus of Claim 36, wherein the means for determining whether the 

password meets quality criteria further comprises one or more of: 

means for performing a dictionary look-up based on the one or more symbols used in the 
password; 
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means for checking the length of the one or more symbols used in the password; 
means for checking the number of unique characters of the one or more symbols used in 
the password; 

means for checking the case of the characters in the one or more symbols used in the 
password; 

means for checking the sequencing of characters in the one or more symbols used in the 
password; or 

means for performing statistical analysis based on the one or more symbols used in the 
password. 

41. (Previously presented) The apparatus of Claim 36, further comprising means for logging 

information related to the password, if the password does not meet the quality criteria. 

42. (Previously presented) The apparatus of Claim 36, further comprising means for sending a 

report about the password, if the password does not meet the quality criteria. 

43. (Previously presented) The apparatus of Claim 36, further comprising means for generating 

an alert about the password, if the password does not meet the quality criteria. 

44. (Previously presented) The apparatus of Claim 36, further comprising means for forcing a 

password change, if the password does not meet the quality criteria. 

45. (Previously presented) The apparatus of Claim 36, further comprising means for blocking the 

user's access to the service, if the password does not meet the quality criteria. 

46. (Original) The apparatus of Claim 36, wherein the means for obtaining the password from 

the user comprises means for obtaining the password from the user via a graphical user 
interface. 

47. (Original) The apparatus of Claim 36, wherein the means for obtaining the password from 

the user comprises means for obtaining the password from the user via an electronic 
interface. 

48. (Original) The apparatus of Claim 36, wherein the apparatus further comprises means for 

determining a quality score for the password, and wherein the means for determining 
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whether the password meets quality criteria comprises means for comparing the quality 
score to a predefined threshold value. 

49. (Original) The apparatus of Claim 36, further comprising: 

means for obtaining the password from a repository of passwords; 
means for making a first determination whether the password meets quality 
criteria; and 

means for storing in a particular machine-readable medium an indication of the 
first determination for the password; 
and wherein the means for determining whether the password meets quality criteria 
comprises means for accessing the particular machine-readable medium. 

50. (Cancelled) 

51. (Original) The apparatus of Claim 36, wherein means for determining whether the password 

meets quality criteria comprises means for determining whether the password meets 
quality criteria for the service. 

52. (Original) The apparatus of Claim 36, wherein the means for obtaining the password 

comprises means for an access service to obtain the password from the user when the user 
attempts to access the service, and wherein the access service comprises means for 
executing on a particular machine, and wherein the service comprises means for 
executing on the same particular machine. 

53. (Original) The apparatus of Claim 36, wherein the means for obtaining the password 

comprises means for an access service to obtain the password from the user when the user 
attempts to access the service, and wherein the access service comprises means for 
executing on a first machine and the service comprises means for executing on a second 
machine, wherein the first machine is distinct from the second machine. 

54. (Currently Amended) An apparatus for dynamically mitigating a noncompliant password, 

comprising: 
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a network interface that is coupled to the data network for receiving one or more packet 

flows therefrom; 
a processor; 

one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out the steps of: 

obtaining a password from a user when the user attempts to access a service; 

determining whether the password meets quality criteria; and 

if the password meets the quality criteria, granting to the user a first level of 

access to the service, wherein the granting of the first level of access to the 
service is dependant on the password exceeding a quality criteria 
threshold; 

if the password does not meet the quality criteria, granting to the user a different 
level of access to the service than if the password meets the quality 
criteria; 

wherein the user is associated with a particular user role , of a plurality of user roles , and 
wherein determining whether the password meets quality criteria comprises 
determining whether the password meets quality criteria for the particular user 
role and wherein a different quality criteria is associated with each user role in the 
plurality of user roles; 

wherein the quality criteria is based, at least in part, on the strength of the password . 
55. (Previously Presented) The apparatus of Claim 54, wherein the apparatus further comprises 

one or more stored sequences of instructions which, when executed by the processor, 

cause the processor to carry out: 

if the password meets a second quality criteria, granting to the user a second level of 
access to the service, wherein the second level of access to the service is 
associated with the second quality criteria, wherein the second quality criteria is 
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distinct from the quality criteria and wherein, if a particular password meets the 
quality criteria, then the password meets the second quality criteria. 

56. (Previously presented) The apparatus of Claim 54, wherein the apparatus further comprises 

one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out: if the password does not meet the quality criteria, 
performing one or more of: 

logging information related to the password; 

sending a report about the password; 

generating an alert about the password; 

forcing a password change; or 

blocking the user' s access to the service. 

57. (Original) The apparatus of Claim 54, wherein the apparatus further comprises one or more 

stored sequences of instructions which, when executed by the processor, cause the 
processor to carry out the step of, if the password does meet the quality criteria, providing 
user access to the service. 

58. (Original) The apparatus of Claim 54, wherein the step of determining whether the password 

meets quality criteria comprises one or more of the steps of: 

performing a dictionary look-up based on the one or more symbols used in the password; 
checking the length of the one or more symbols used in the password; 
checking the number of unique characters of the one or more symbols used in the 
password; 

checking the case of the characters in the one or more symbols used in the password; 
checking the sequencing of characters in the one or more symbols used in the password; 
or 

performing statistical analysis based on the one or more symbols used in the password. 

59. (Previously presented) The apparatus of Claim 54, wherein the apparatus further comprises 

one or more stored sequences of instructions which, when executed by the processor, 
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cause the processor to carry out: if the password does not meet the quality criteria, 
logging information related to the password. 

60. (Previously presented) The apparatus of Claim 54, wherein the apparatus further comprises 

one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out: if the password does not meet the quality criteria, 
sending a report about the password. 

61. (Previously presented) The apparatus of Claim 54, wherein the apparatus further comprises 

one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out: if the password does not meet the quality criteria, 
generating an alert about the password. 

62. (Previously presented) The apparatus of Claim 54, wherein the apparatus further comprises 

one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out: if the password does not meet the quality criteria, forcing 
a password change. 

63. (Previously presented) The apparatus of Claim 54, wherein the apparatus further comprises 

one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out: if the password does not meet the quality criteria, 
blocking the user' s access to the service. 

64. (Original) The apparatus of Claim 54, wherein obtaining the password from the user 

comprises obtaining the password from the user via a graphical user interface. 

65. (Original) The apparatus of Claim 54, wherein obtaining the password from the user 

comprises obtaining the password from the user via an electronic interface. 

66. (Original) The apparatus of Claim 54, wherein the apparatus further comprises one or more 

stored sequences of instructions which, when executed by the processor, cause the 
processor to carry out the step of determining a quality score for the password, and 
wherein the step of determining whether the password meets quality criteria comprises 
comparing the quality score to a predefined threshold value. 
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67. (Original) The apparatus of Claim 54, further comprising one or more stored sequences of 

instructions which, when executed by the processor, cause the processor to carry out the 
steps of: 

obtaining the password from a repository of passwords; 
making a first determination whether the password meets quality criteria; and 
storing in a particular machine-readable medium an indication of the first 
determination for the password; 
and wherein the step of determining whether the password meets quality criteria 
comprises accessing the particular machine-readable medium. 

68. (Cancelled) 

69. (Original) The apparatus of Claim 54, wherein determining whether the password meets 

quality criteria comprises determining whether the password meets quality criteria for the 
service. 

70. (Original) The apparatus of Claim 54, wherein the step of obtaining the password comprises 

an access service obtaining the password from the user when the user attempts to access 
the service, and wherein the access service comprises machine executable instructions 
executing on the apparatus, and the service comprises machine executable instruction 
executing on the same apparatus. 

71. (Original) The apparatus of Claim 54, wherein the step of obtaining the password comprises 

an access service obtaining the password from the user when the user attempts to access 
the service, and wherein the access service comprises machine executable instructions 
executing on a first machine and the service comprises machine executable instructions 
executing on a second machine, wherein the first machine is distinct from the second 
machine. 



